>
> This is good to know. I think it's time to update the FAQ/Wiki with this
> details.
>
Good, thanks.
>
> I don't know what logging solution you are using, but all major syslog
> daemons that do MySQL inserts also allow you to duplicate the message to
> files and the database. This way you could set up OSSEC (or even just an
> agent) to read the files and generate alerts. Then have log rotation run
> often so that file system space does not get wasted on duplicate data for too
> long.
Yes, this is certainly the route I'm going down at the moment. You see in
places and posts from years ago that database support was going to be
coming; I guess it never arrived.
But anyway, there's always a way, as you've stated, and this is where I'm at
now. I would like to double check whether this method of a catch-all will work,
however:
<rule id="500000" level="3">
<match>*</match>
<description>Catch All</description>
</rule>
Thanks all
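The file-duplication setup sketched in the quoted reply (syslog daemon writing to both the database and a flat file, OSSEC tailing the file, frequent rotation), as an added illustration rather than configuration from either poster. It assumes rsyslog with the ommysql output module, a monitored file at /var/log/ossec-feed/all.log, a database named Syslog, and placeholder credentials; all of these are constructed for the example.

```text
# --- /etc/rsyslog.d/50-ossec-feed.conf (rsyslog legacy syntax) ---
# Keep the existing database insert ...
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,rsyslog,REPLACE_WITH_DB_PASSWORD
# ... and duplicate every message to a flat file for OSSEC to read.
*.* /var/log/ossec-feed/all.log

# --- /var/ossec/etc/ossec.conf (fragment) ---
<!-- OSSEC tails the duplicate file; the database stays the long-term store. -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/ossec-feed/all.log</location>
  </localfile>
</ossec_config>

# --- /etc/logrotate.d/ossec-feed ---
# Rotate often and keep little history: the file is only a transit buffer.
# copytruncate keeps the same path/inode so the OSSEC tailer is not left
# holding a renamed file; OSSEC reopens the file when it sees it shrink.
/var/log/ossec-feed/all.log {
    daily
    size 100M
    rotate 1
    copytruncate
    missingok
    notifempty
    compress
}
```

With copytruncate a few lines written between the copy and the truncate can be lost from the file (they are still in the database), which is the usual trade-off for this duplicate-and-discard pattern.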